Lucene search
K

86 matches found

CNNVD
CNNVD
added 2024/08/22 12:0 a.m.2 views

OpenIPMI 安全漏洞

OpenIPMI is an open source project from OpenIPMI Open Source. Designed to create a fully functional IPMI system that allows full access rights to all IPMI information on a server. A security vulnerability exists in OpenIPMI that stems from a lack of authorization type checking on incoming LAN...

5CVSS4.9AI score0.00395EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/08/15 6:31 p.m.8 views

cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +185 more potentially affected by CVE-2024-42681 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.1)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.0.0, =1.6.0, =1.6.154 and more Source cves: CVE-2024-42681 Source advisory: OSV:GHSA-CPFP-M5QW-C4R3...

8.8CVSS5.7AI score0.00886EPSS
Exploits1
Apple
Apple
added 2024/07/29 12:0 a.m.61 views

About the security content of macOS Ventura 13.6.8

About the security content of macOS Ventura 13.6.8 This document describes the security content of macOS Ventura 13.6.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

8.6CVSS8.8AI score0.99506EPSS
Exploits73References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/10 8:16 p.m.30 views

CVE-2024-36418 SuiteCRM authenticated RCE using connectors

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.5CVSS7.6AI score0.00803EPSS
Exploits0References1
CNVD
CNVD
added 2024/05/28 12:0 a.m.10 views

AJ-Report SQL Injection Vulnerability (CNVD-2024-27556)

AJ-Report is anji-plus open source a completely open source , drag and drop editing visual design tools. AJ-Report 1.4.1 and earlier versions of SQL injection vulnerability , there is no detailed vulnerability details provided...

9.8CVSS7.9AI score0.01026EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/01/18 3:55 p.m.4 views

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-6R8P-HPG7-825G...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/16 7:32 a.m.22 views

China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents

China's Ministry of Industry and Information Technology MIIT on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensu...

6.9AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/12/15 12:30 p.m.4 views

org.wso2.identity.apps:org.wso2.identity.apps.authentication.portal.server.feature (>=0.1.125 <=1.6.179) potentially affected by CVE-2023-6837 via org.wso2.identity.apps:authentication-portal (>=0.1.125 <=1.6.179)

org.wso2.identity.apps:authentication-portal MAVEN version =0.1.125, =0.1.125, =1.6.179 Source cves: CVE-2023-6837 Source advisory: OSV:GHSA-F6JM-9PR8-9C3W...

8.5CVSS7.2AI score0.0046EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/12/12 11:15 p.m.9 views

nautobot-device-resources (=1.0.0) potentially affected by CVE-2023-50263 via nautobot (=2.0.0)

nautobot PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-device-resources =1.0.0 Source cves: CVE-2023-50263 Source advisory: OSV:PYSEC-2023-286...

5.3CVSS6AI score0.00748EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/10/13 9:30 a.m.15 views

Magento Open Source allows Incorrect Authorization

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve...

8.8CVSS6.5AI score0.00651EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/06/15 9:30 p.m.11 views

GHSA-GFMM-WW6F-5MM5 Magento Open Source allows Improper Neutralization of Special Elements Used

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of...

9.4CVSS9.1AI score0.01223EPSS
Exploits0References3
OSV
OSV
added 2023/06/01 1:15 a.m.11 views

UBUNTU-CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...

7.1CVSS7.2AI score0.00295EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/10/19 9:20 p.m.18 views

CVE-2022-41741 NGINX ngx_http_mp4_module vulnerability CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

7CVSS7.5AI score0.00756EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2022/07/15 8:0 a.m.3 views

CVE-2022-2131

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack...

9.8CVSS5.9AI score0.00747EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/25 7:33 p.m.4 views

causalegm (>=0.2.1 <=0.2.5), chrombpnet (>=0.1.0 <=0.1.2) +3 more potentially affected by unknown CVE via tensorflow-gpu (=2.8.0)

tensorflow-gpu PYPI version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - causalegm =0.2.1, =0.1.0, =0.0.6, =2.3.5, =2.4.1 - tlaunch =0.0.2 Source cves: unknown CVE Source advisory: OSV:GHSA-MW6J-HH29-H379...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 5:12 p.m.6 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2163 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.22)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2163 Source advisory: OSV:GHSA-2XCM-H7VV-G8M9...

5.4CVSS6AI score0.01159EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 3:13 a.m.7 views

com.base2services.jenkins:github-sqs-plugin (>=1.0 <=1.1), com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.6) +23 more potentially affected by CVE-2018-1000184 via com.coravy.hudson.plugins.github:github (>=1.10 <=1.27.0)

com.coravy.hudson.plugins.github:github MAVEN version =1.10, =1.0, =4.0.9, =1.0-alpha-1, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =1.3.0, =1.0, =0.9.14, =1.36.0, =1.42.2 and more Source cves: CVE-2018-1000184 Source advisory:...

5.5CVSS6.1AI score0.00608EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 1:27 a.m.6 views

cn.home1:spring-cloud-eureka-server (>=0.0.1 <=1.0.1.U1), com.github.springcloud:moss-client-1.x (=1.0.1.RELEASE) +162 more potentially affected by CVE-2018-1000130 via org.jolokia:jolokia-core (>=1.3.7 <=1.4.0)

org.jolokia:jolokia-core MAVEN version =1.3.7, =0.0.1, =1.2.0, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =0.1.5, =0.1.5, =2.0-beta-1, =2.3.0, =2.7.1 and more Source cves: CVE-2018-1000130 Source advisory: OSV:GHSA-RHQJ-4PP8-VVGF...

8.1CVSS7.2AI score0.73566EPSS
Exploits1
CNVD
CNVD
added 2022/03/14 12:0 a.m.9 views

CasaOS Command Injection Vulnerability

CasaOS is a simple, easy-to-use and elegant open source home cloud system. A command injection vulnerability exists in CasaOS versions prior to 0.2.7. The vulnerability stems from the failure of a networked system or product to properly filter special characters, commands, etc. from a user's inpu...

9.8CVSS7.1AI score0.05967EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.14 views

BossCMS V1.1 Arbitrary File Download Vulnerability in Background

BossCMS is a safe, stable, good, permanent free open source, independent research and development of PHP framework for enterprise building system. BossCMS background arbitrary file download vulnerability, attackers can use the vulnerability to download any file in the server...

7.3AI score
Exploits0
Rows per page
Query Builder